Cryptolocker

Classification

Category: Malware

Type: Trojan

Aliases: Cryptolocker, Trojan.cryptolocker, Trojan.downloader.cryptolocker

Summary


Cryptolocker encrypts files on the compromised computer and demands a ransom to provide the decryption key needed to decrypt the files.

Removal


Automatic action

F-Secure detects Cryptolocker malware using a variety of generic detections. Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting or renaming it.

Restore from backup

As with most ransomware, the malware itself can be removed, but the encryption used to take the files hostage is strong enough to make it very difficult to decrypt the files without the necessary decryption key.

In such circumstances, the recommended course of action is to report the crime to the relevant authorities and restore the affected data from a backup.

Technical Details


Cryptolocker is ransomware that is spread both through malicious file attachments to email messages and via the Gameover Zeus botnet. When Cryptolocker is run, it encrypts files on the compromised machine and displays a message informing the user that a decryption key must be purchased in order to recover access to the files held for ransom.

For more information, see:

Further analysis

If you believe you have encountered an undetected Cryptolocker sample, please send it to us for analysis via our Submit A Sample (SAS) page.

CTB-Locker

Update: 10 February, 2015: Details of the CTB-Locker ransomware which were originally posted in this description have now been moved to a separate description, Trojan:W32/CTB-Locker, to minimize confusion between these two ransomware families.